22-25 April 2026

Your MSSQL environment is vulnerable and I can prove it

Proposed session for SQLBits 2026

TL;DR

SQL Server environments are often assumed to be secure by default. This session challenges that belief by demonstrating how a low-privileged login can be leveraged to compromise an entire MSSQL environment. Using real-world scenarios, I’ll show how design flaws and overlooked features enable privilege escalation, data exposure, and full administrative control, and how to prevent it.

Session Details

SQL Server environments are often assumed to be secure by default. This session challenges that assumption. Starting from a low-privileged SQL login, I will demonstrate how design decisions, legacy features, and overlooked behaviors inside the MSSQL engine can be combined to achieve full instance compromise.
The presentation walks through real-world attack paths observed across on-premises and cloud-hosted SQL Server deployments, showing how privilege boundaries can be bypassed, sensitive data exposed, and administrative control obtained without exploiting traditional memory corruption bugs.
Beyond the offensive techniques, the focus is on why these issues exist and how they persist in production systems. Attendees will learn how to assess their own environments, recognize high-risk configurations, and apply practical defensive controls to reduce attack surface and prevent privilege escalation before an attacker proves it for them.

3 things you'll get out of this session

1. Cloud and on-prem parity. The same techniques apply across on-prem SQL Server and managed offerings (Azure SQL, Cloud SQL, RDS, ApsaraDB). This challenges the common belief that PaaS automatically eliminates escalation risk.

2. Proven with responsible disclosure. The findings are based on real vulnerabilities disclosed to cloud providers, with confirmed fixes and timelines. This moves the talk from theory to verifiable impact.

3. Recognize high-risk configurations. Attendees will learn how attackers realistically move from a low-privileged SQL login to full control, using behaviors that exist in default and managed MSSQL environments. This enables DBAs, developers, and security teams to recognize high-risk configurations they may currently trust.